Vtiger Vtiger_crm
16 CVEs affecting Vtiger Vtiger_crm. Latest disclosed: 2017-04-14. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-4834 | High | 8.1 | 2016-08-01 | modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create… |
CVE-2016-1713 | High | 7.3 | 2017-04-14 | Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtig… |
CVE-2014-2268 | | 2014-11-16 | views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the… | |
CVE-2014-1222 | | 2014-08-12 | Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files… | |
CVE-2014-2269 | | 2014-04-22 | modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containi… | |
CVE-2013-3213 | | 2014-04-02 | Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name par… | |
CVE-2013-7326 | | 2014-02-14 | Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to… | |
CVE-2013-5091 | | 2013-10-04 | SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands… | |
CVE-2012-4867 | | 2012-09-06 | Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a… | |
CVE-2011-4680 | | 2011-12-07 | Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or… | |
CVE-2011-4679 | | 2011-12-07 | vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass inten… | |
CVE-2011-4670 | | 2011-12-02 | Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) v… | |
CVE-2011-4559 | | 2011-11-28 | SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuse… | |
CVE-2010-3911 | | 2010-11-26 | Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the userna… | |
CVE-2010-3910 | | 2010-11-26 | Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote att… | |
CVE-2010-3909 | | 2010-11-26 | Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the d… |